CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,167 vulnerabilities with CWE-200
CVE-2018-15684 MEDIUM
BTITeam XBTIT < 2.5.4 - Sensitive Information Exposure via PHP Error Logs
CVSS 5.3
CVE-2018-16539 MEDIUM
Artifex Ghostscript < 9.24 - Unauthorized File Read via Temp File Handling
CVSS 5.5
CVE-2018-1353 MEDIUM
Fortinet FortiManager < 6.0.1 - Unauthorized Interface Settings Exposure via ADOM Assignment
CVSS 4.3
CVE-2018-7938 LOW
P10 Huawei <Victoria-AL00AC00B217 - Info Disclosure
CVSS 3.3
CVE-2018-10927 HIGH
Debian Linux < 3.12.14 - Information Disclosure
CVSS 8.1
CVE-2018-10913 MEDIUM
glusterfs 3.12.0-3.12.13 - Information Disclosure via Xattr Request
CVSS 6.5
CVE-2018-10911 HIGH
glusterfs 3.12.0-3.12.13 - Integer Overflow in dic_unserialize Function
CVSS 7.5
CVE-2018-16323 MEDIUM
ImageMagick < 6.9.10-9 - Information Exposure via XBM Image Processing
CVSS 6.5
CVE-2018-6259 LOW
NVIDIA GeForce Experience < 3.14.1 - Information Disclosure via GameStream
CVSS 2.5
CVE-2018-15364 MEDIUM
Trend Micro OfficeScan XG 12.0 - Info Disclosure
CVSS 4.7
CVE-2018-14902 HIGH
EPSON iPrint <6.6.3 - Info Disclosure
CVSS 7.5
CVE-2018-13391 MEDIUM
Atlassian Jira < 7.6.8, 7.7.0-7.7.4, 7.8.0-7.8.4, 7.9.0-7.9.2, 7.10.0-7.10.2, 7.11.0-7.11.1 - Email Address Exposure
CVSS 5.3
CVE-2018-1705 MEDIUM
IBM Platform Symphony 7.1, 7.1.1 & IBM Spectrum Symphony 7.1.2, 7.2.0.2 - Sensitive Info Exposure
CVSS 6.5
CVE-2018-15919 MEDIUM
OpenSSH 5.9-7.8 - User Enumeration via GSS2 Authentication
CVSS 5.3
CVE-2018-1644 LOW
IBM WebSphere Commerce 7.0.0.0-9.0.0.4 - Authenticated Exposure of Sensitive Information
CVSS 3.1
CVE-2018-15698 MEDIUM
ASUSTOR Data Master < 3.1.5 - Authenticated Arbitrary File Read via loginimage.cgi
CVSS 6.5
CVE-2018-15697 MEDIUM
ASUSTOR Data Master < 3.1.5 - Authenticated Arbitrary File Read via Share Path
CVSS 6.5
CVE-2018-15696 MEDIUM
ASUSTOR Data Master < 3.1.5 - Authenticated User Enumeration via user.cgi
CVSS 4.3
CVE-2018-11654 HIGH
Netwave IP Camera Firmware - Unauthenticated Sensitive Information Exposure via get_status.cgi
CVSS 7.5
CVE-2018-11653 CRITICAL
Netwave IP Camera - Unauthenticated Sensitive Information Exposure via RT2870STA.dat
CVSS 9.8
CVE-2018-1755 MEDIUM
IBM WebSphere Application Server Liberty - Sensitive Information Exposure via JASPIC Authentication
CVSS 5.9
CVE-2018-1999046 MEDIUM
Jenkins <2.137-2.121.2 - Info Disclosure
CVSS 4.3
CVE-2018-10919 MEDIUM
Canonical Ubuntu Linux < 4.6.16 - Information Disclosure
CVSS 4.3
CVE-2018-15668 MEDIUM
Bloop Airmail 3 3.5.9 - Unauthenticated Exposure of Sensitive Information via airmail:// URL Scheme
CVSS 5.3
CVE-2018-15661 HIGH
Ola Money 1.9.0 - Authentication Bypass via Forgot Password Screen
CVSS 7.5
Details
Vulnerabilities 10,167
Exploit Likelihood High