CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,161 vulnerabilities with CWE-200
CVE-2018-14702 HIGH
Drobo 5N2 NAS <4.0.5-13.28.96115 - Info Disclosure
CVSS 7.5
CVE-2018-14696 HIGH
Drobo 5N2 NAS <4.0.5-13.28.96115 - Info Disclosure
CVSS 7.5
CVE-2018-14695 HIGH
Drobo 5N2 NAS <4.0.5-13.28.96115 - Info Disclosure
CVSS 7.5
CVE-2018-16477 MEDIUM
Rails < 5.2.1.1 - Information Disclosure
CVSS 6.5
CVE-2018-19120 HIGH
KDE Applications < 18.12.0 - Exposure of Sensitive Information via HTML Thumbnailer Plugin
CVSS 7.5
CVE-2018-15979 HIGH
Adobe Acrobat and Reader DC < 15.006.30456, 15.008.20082-19.008.20080 - NTLM SSO Hash Theft
CVSS 7.5
CVE-2018-7977 HIGH
FusionSphere OpenStack - Unauthenticated Information Disclosure via Insufficient Service Communication Protection
CVSS 7.5
CVE-2018-7961 MEDIUM
Huawei Emily-AL00A Firmware - Sensitive Information Exposure via Smart SMS Verification Code
CVSS 6.5
CVE-2018-7946 MEDIUM
Huawei Honor 7A <8.0.0.195 & Honor 9 Lite <8.0.0.182 - Sensitive Info Exposure
CVSS 4.3
CVE-2018-13352 HIGH
TerraMaster TOS 3.1.03 - Unauthenticated Session Token Exposure via World-Readable Directory
CVSS 7.5
CVE-2018-10142 HIGH
Expedition Migration Tool <1.0.106 - Info Disclosure
CVSS 7.5
CVE-2018-6266 MEDIUM
NVIDIA GeForce Experience < 3.16 - Exposure of Sensitive Information via Third Party Integration Parameters
CVSS 5.5
CVE-2018-19609 MEDIUM
ShowDoc 2.4.1 - Exposure of Sensitive Information via Page ID Manipulation
CVSS 6.5
CVE-2018-13319 HIGH
Buffalo TS5600D1206 Firmware 3.61-0.10 - Unauthenticated Exposure of Sensitive Information via get_portal_info
CVSS 7.5
CVE-2018-16862 MEDIUM
Linux Kernel < 4.14 - Unauthorized Data Exposure via Cleancache Inode Reuse
CVSS 5.3
CVE-2018-1843 MEDIUM
IBM Cloud Private 3.1.0 - Unauthenticated Sensitive Information Exposure via Unencrypted IAM Traffic
CVSS 4.1
CVE-2018-18865 HIGH
Royal TS < 4.3.60728 and TSX < 3.3.1 - Credentials Disclosure
CVSS 8.1
CVE-2018-16224 MEDIUM
iSmartAlarm Cube One < 2.2.4.10 - Unauthenticated Sensitive Information Exposure via Diagnostic Files
CVSS 5.3
CVE-2018-1841 MEDIUM
IBM Cloud Private 2.1.0 - Unauthorized Exposure of CA Private Key
CVSS 6.2
CVE-2018-7360 CRITICAL
ZTE ZXHN F670 Firmware < 1.1.10p3t18 - Unauthenticated Exposure of Sensitive Information via appviahttp Service
CVSS 9.6
CVE-2018-1639 MEDIUM
Jazz Reporting Service <6.0.6 - Info Disclosure
CVSS 4.3
CVE-2018-9071 MEDIUM
Lenovo Chassis Management Module Firmware < 2.0.0 - Unauthenticated Exposure of Authentication Configuration Settings
CVSS 5.3
CVE-2018-5407 MEDIUM
Ubuntu Linux - Exposure of Sensitive Information via SMT Port Contention Timing Attack
CVSS 4.7
CVE-2018-9543 MEDIUM
Android 7.0-9 - Unauthenticated Local Information Disclosure via Incomplete Factory Reset
CVSS 5.5
CVE-2018-9526 HIGH
Android 9 - Unauthenticated Remote Device Location Disclosure via Improper Configuration
CVSS 7.5
Details
Vulnerabilities 10,161
Exploit Likelihood High