CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,161 vulnerabilities with CWE-200
CVE-2018-15967 HIGH
Adobe Flash Player < 31.0.0.108 - Information Disclosure
CVSS 7.5
CVE-2018-15964 HIGH
Adobe ColdFusion 2018.0.0.310739 (Update 6 and earlier, Update 14 and earlier) - Information Disclosure
CVSS 7.5
CVE-2018-15962 MEDIUM
Adobe ColdFusion 2018.0.0.310739 Update 6 and earlier - Directory Listing Information Disclosure
CVSS 5.3
CVE-2018-10498 MEDIUM
Samsung Email <5.0.02.16 - Info Disclosure
CVSS 5.5
CVE-2018-15615 HIGH
Avaya Call Management System Supervisor R17.0.x and R18.0.x - Local Sensitive Information Exposure
CVSS 7.2
CVE-2018-17404 MEDIUM
SBIbuddy 1.41-1.42 - Exposure of Sensitive Information
CVSS 5.3
CVE-2018-17402 MEDIUM
PhonePe wallet <3.3.26 - Info Disclosure
CVSS 5.3
CVE-2018-14731 HIGH
Parcel parcel-bundler - Info Disclosure
CVSS 7.5
CVE-2018-14730 HIGH
browserify-hmr < 0.4.0 - Unauthenticated Exposure of Sensitive Information via WebSocket Server
CVSS 7.5
CVE-2018-8023 MEDIUM
Apache Mesos <1.4.2, 1.5.0, 1.5.1, 1.6.0 - Timing Attack
CVSS 5.9
CVE-2018-1685 MEDIUM
IBM DB2 9.7, 10.1, 10.5, 11.1 - Unauthorized File Read via db2cacpy
CVSS 5.5
CVE-2018-1800 MEDIUM
IBM Sterling B2B Integrator 5.2.6.0 and 6.2.6.1 - Exposure of Sensitive Information During Installation
CVSS 5.1
CVE-2018-3831 HIGH
Elasticsearch 5.6.0-5.6.11 - Authenticated Exposure of Sensitive Information via _cluster/settings API
CVSS 8.8
CVE-2018-3826 MEDIUM
Elasticsearch 6.0.0-beta1-6.2.4 - Exposure of Sensitive Information via _snapshot API
CVSS 6.5
CVE-2018-16671 MEDIUM
CIRCONTROL CirCarLife <4.3 - Info Disclosure
CVSS 5.3
CVE-2018-11275 MEDIUM
Android - Exposure of Sensitive Information via FastbootLib Image Flashing
CVSS 5.5
CVE-2018-14642 MEDIUM
Undertow < 2.0.19.FINAL - Information Disclosure via Write Buffer Flush
CVSS 5.3
CVE-2018-16959 MEDIUM
Oracle WebCenter Interaction Portal 10.3.3 - Info Disclosure
CVSS 5.3
CVE-2018-17091 MEDIUM
i4a donlinkage 6.6.8 - Exposure of Sensitive Information via Direct Request for temporary.txt
CVSS 5.4
CVE-2018-16288 HIGH
LG SuperSign CMS - Unauthenticated Arbitrary File Read via signEzUI Playlist Upload Path Traversal
CVSS 8.6
CVE-2018-1698 MEDIUM
IBM Maximo Asset Mgmt <7.6.3 - Info Disclosure
CVSS 5.3
CVE-2018-15310 MEDIUM
BIG-IP APM portal access <12.1.3 - Info Disclosure
CVSS 4.3
CVE-2018-8452 MEDIUM
Internet Explorer and Microsoft Edge - Information Disclosure via Scripting Engine Memory Handling
CVSS 4.3
CVE-2018-8446 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Object Handling
CVSS 5.5
CVE-2018-8445 MEDIUM
Windows 10 and Windows Server - Kernel Information Disclosure via Memory Object Handling
CVSS 5.5