CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,160 vulnerabilities with CWE-200
CVE-2018-16870 MEDIUM
wolfssl < 3.15.7 - TLS Downgrade Attack via Bleichenbacher Attack Variant
CVSS 5.9
CVE-2018-16876 MEDIUM
ansible <2.5.14-2.7.5 - Info Disclosure
CVSS 5.3
CVE-2018-7900 MEDIUM
Huawei HG8010H/HG8040H/HG8110H/HG8240H/HG8242H/HG8045Q Firmware - Information Disclosure
CVSS 6.5
CVE-2018-20609 MEDIUM
imcat 4.4 - Exposure of Sensitive Information via check.php
CVSS 5.3
CVE-2018-20608 HIGH
imcat 4.4 - Unauthenticated Sensitive Information Exposure via adbug binfo.php
CVSS 7.5
CVE-2018-20607 MEDIUM
imcat 4.4 - Exposure of Sensitive Information via Debugging Endpoint
CVSS 5.3
CVE-2018-20606 HIGH
imcat 4.4 - Information Disclosure via dev.php URI
CVSS 7.5
CVE-2018-20602 HIGH
Lei Feng TV CMS 3.8.6 - Full Path Disclosure via /install.php
CVSS 7.5
CVE-2018-14986 HIGH
Leagoo Z5C Firmware - Unauthorized Exposure of SMS Data via Messaging Content Provider
CVSS 7.5
CVE-2018-14984 HIGH
Leagoo Z5C Firmware - Unauthenticated SMS Transmission via Exported Broadcast Receiver
CVSS 7.5
CVE-2018-14979 MEDIUM
ASUS ZenFone 3 Max - Info Disclosure
CVSS 4.7
CVE-2018-20571 HIGH
DamiCMS 6.0.1 - Unauthenticated Arbitrary File Read via Tpl/Add/id Parameter
CVSS 7.5
CVE-2018-20511 MEDIUM
Linux Kernel < 4.18.11 - Authenticated Kernel Address Exposure via SIOCFINDIPDDPRT ioctl
CVSS 5.5
CVE-2018-11741 CRITICAL
NEC Univerge SV9100 WebPro Firmware 6.00.00 - Account Information Disclosure via Predictable Session ID
CVSS 9.8
CVE-2018-20483 HIGH
GNU Wget < 1.20.1 - Sensitive Information Exposure via Extended File Attributes
CVSS 7.8
CVE-2018-20478 HIGH
S-CMS 1.0 - Unauthenticated Sensitive File Exposure via Mixed-Case Extension Bypass
CVSS 7.5
CVE-2018-8919 HIGH
Synology DiskStation Manager < 6.1.6-15266 - Credential Exposure via SYNO.Core.Desktop.SessionData
CVSS 8.3
CVE-2018-20371 CRITICAL
PhotoRange Photo Vault 1.2 - Exposure of Sensitive Information via Password in URI
CVSS 9.8
CVE-2018-18441 HIGH
D-Link DCS Series Firmware >= 1.00 - Unauthenticated Exposure of Sensitive Information via /common/info.cgi
CVSS 7.5
CVE-2018-17244 MEDIUM
Elasticsearch Security <6.4.2 - Info Disclosure
CVSS 6.5
CVE-2018-20307 MEDIUM
Pulse Secure Virtual Traffic Manager <9.9r2, 10.4r1 - Info Disclosure
CVSS 4.3
CVE-2018-16883 LOW
sssd 1.13.0-<2.0.0 - Unauthorized Information Exposure via Infopipe
CVSS 2.5
CVE-2018-7812 HIGH
Modicon M340-Quantum - Info Disclosure
CVSS 7.5
CVE-2018-19976 MEDIUM
YARA 3.8.1 - Exposure of Sensitive Information via Bytecode Environment Leak
CVSS 5.5
CVE-2018-20170 MEDIUM
OpenStack Keystone <14.0.1 - Info Disclosure
CVSS 5.3