CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,167 vulnerabilities with CWE-200
CVE-2018-16288 HIGH
LG SuperSign CMS - Unauthenticated Arbitrary File Read via signEzUI Playlist Upload Path Traversal
CVSS 8.6
CVE-2018-1698 MEDIUM
IBM Maximo Asset Mgmt <7.6.3 - Info Disclosure
CVSS 5.3
CVE-2018-15310 MEDIUM
BIG-IP APM portal access <12.1.3 - Info Disclosure
CVSS 4.3
CVE-2018-8452 MEDIUM
Internet Explorer and Microsoft Edge - Information Disclosure via Scripting Engine Memory Handling
CVSS 4.3
CVE-2018-8446 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Object Handling
CVSS 5.5
CVE-2018-8445 MEDIUM
Windows 10 and Windows Server - Kernel Information Disclosure via Memory Object Handling
CVSS 5.5
CVE-2018-8444 MEDIUM
Windows SMBv2 - Information Disclosure via Malicious Request Handling
CVSS 5.9
CVE-2018-8443 MEDIUM
Windows - Information Disclosure via Kernel Memory Handling
CVSS 5.5
CVE-2018-8442 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Object Handling
CVSS 5.5
CVE-2018-8434 MEDIUM
Windows Hyper-V - Information Disclosure via Improper Input Validation
CVSS 5.4
CVE-2018-8433 MEDIUM
Windows Graphics Component - Information Disclosure via Memory Handling
CVSS 4.7
CVE-2018-8429 MEDIUM
Microsoft Excel - Information Disclosure via Memory Exposure
CVSS 5.5
CVE-2018-8424 MEDIUM
Windows GDI - Information Disclosure via Memory Contents
CVSS 6.5
CVE-2018-8422 MEDIUM
Windows 7 and Windows Server 2008 R2 - Information Disclosure in GDI Component
CVSS 6.5
CVE-2018-8366 LOW
Microsoft Edge - Information Disclosure via Fetch API Filtered Response Handling
CVSS 3.1
CVE-2018-8336 MEDIUM
Windows 7 and Windows Server 2008 - Kernel Information Disclosure via Improper Memory Handling
CVSS 5.5
CVE-2018-8315 MEDIUM
Internet Explorer 10-11, Edge, ChakraCore - Information Disclosure via Scripting Engine Object Handling
CVSS 4.2
CVE-2018-8271 MEDIUM
Windows bowser.sys - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2018-16977 MEDIUM
Monstra CMS V3.0.4 - Info Disclosure
CVSS 5.3
CVE-2018-7921 MEDIUM
Huawei B315s-22 <21.318.01.00.26 - Info Disclosure
CVSS 6.5
CVE-2018-16948 HIGH
OpenAFS <1.6.23 & 1.8.x <1.8.2 - Info Disclosure
CVSS 7.5
CVE-2018-16705 CRITICAL
FURUNO FELCOM 250-500 - Info Disclosure
CVSS 9.8
CVE-2018-16710 CRITICAL
OctoPrint <1.3.9 - Info Disclosure/DoS
CVSS 9.1
CVE-2018-16658 MEDIUM
Linux kernel <4.18.6 - Info Disclosure
CVSS 6.1
CVE-2018-16307 HIGH
Xiaomi MIWiFi Xiaomi_55DD 2.8.50 - Server-Side Request Forgery via HTTP Host Header
CVSS 7.5
Details
Vulnerabilities 10,167
Exploit Likelihood High