CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,161 vulnerabilities with CWE-200
CVE-2018-9489 HIGH
Android 7.0-9.0 - Unauthenticated Exposure of Sensitive Wifi Network Information via Broadcast Intent
CVSS 7.5
CVE-2018-1606 MEDIUM
IBM Rational Collaborative Lifecycle Management 5.0-5.02 & 6.0-6.0.6 - Sensitive Info Exposure via Error Message
CVSS 4.3
CVE-2018-17907 LOW
Omron CX-Supervisor <3.4.1.0 - Info Disclosure
CVSS 3.3
CVE-2018-16849 LOW
Openstack-mistral - Info Disclosure
CVSS 3.1
CVE-2018-1878 MEDIUM
IBM Robotic Process Automation with Automation Anywhere 11 - Exposure of Sensitive Information via Web Request
CVSS 5.3
CVE-2018-3947 HIGH
Yi Home Camera 27US 1.8.7.0D - Unauthenticated Exposure of Sensitive Information via Network Traffic
CVSS 8.1
CVE-2018-3928 HIGH
Yi Home Camera 27US 1.8.7.0D - Denial of Service via UDP Packet Handling
CVSS 7.5
CVE-2018-13281 MEDIUM
Synology DiskStation Manager < 6.2-23739-2 - Authenticated Information Exposure via SYNO.Core.ACL file_path Parameter
CVSS 4.3
CVE-2018-16467 MEDIUM
Nextcloud Server < 14.0.0 - Unauthenticated Access to Password-Protected Share Previews
CVSS 5.3
CVE-2018-1380 LOW
IBM InfoSphere MDM CS <11.7 - Privilege Escalation
CVSS 2.7
CVE-2018-18778 MEDIUM
ACME mini-httpd < 1.30 - Unauthenticated Arbitrary File Read
CVSS 6.5
CVE-2018-18710 MEDIUM
Linux Kernel < 4.19 - Information Disclosure via cdrom_ioctl_select_disc
CVSS 5.5
CVE-2018-6559 LOW
Linux Kernel - Unauthorized File Name Exposure via overlayfs User Namespace Mount
CVSS 3.3
CVE-2018-18658 HIGH
Arcserve UDP - Unauthenticated Sensitive Information Exposure via FullUpdateSettings.xml
CVSS 7.5
CVE-2018-18657 HIGH
Arcserve UDP - Unauthenticated Sensitive Information Disclosure via /gateway/services/EdgeServiceImpl
CVSS 7.5
CVE-2018-11846 MEDIUM
Snapdragon Mobile - Info Disclosure
CVSS 4.7
CVE-2018-18655 MEDIUM
Prayer < 1.3.5 - Unauthenticated Exposure of Sensitive Information via Referer Header
CVSS 4.3
CVE-2018-18566 MEDIUM
Polycom VVX 500 and 601 Firmware < 5.8.0.12848 - Unauthenticated Sensitive Information Exposure via SIP Service
CVSS 5.3
CVE-2018-18467 HIGH
Conversations 2.3.4 - Exposure of Sensitive Information via Intent Spoofing
CVSS 7.5
CVE-2018-18428 HIGH
TP-Link TL-SC3130 1.6.18P12_121101 - Unauthenticated Exposure of Sensitive Information via RTSP Stream
CVSS 7.5
CVE-2018-12673 HIGH
SV3C H.264 POE IP Camera Firmware V2.3.4.2103-S50-NTD-B20170508B/B20170823B - Sensitive Information Exposure
CVSS 7.5
CVE-2018-12671 CRITICAL
SV3C H.264 PoE IP Camera Firmware V2.3.4.2103-S50-NTD-B20170508B/B20170823B - Sensitive Information Exposure
CVSS 9.8
CVE-2018-18390 HIGH
Moxa ThingsPro 2.1 - User Enumeration
CVSS 7.5
CVE-2018-15765 LOW
Dell EMC Secure Remote Services < 3.32.00.08 - Sensitive Information Exposure via Log File
CVSS 3.4
CVE-2018-18487 HIGH
Gxlcms v2.0 - Exposure of Sensitive Information via Predictable Database Backup Filename
CVSS 7.5