CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,167 vulnerabilities with CWE-200
CVE-2018-15534 CRITICAL
Geutebrueck re_porter 16 < 7.8.974.20 - Unauthenticated Exposure of Sensitive Information via /statistics/gscsetup.xml
CVSS 9.8
CVE-2018-15599 MEDIUM
Debian Linux < 2018.76 - Information Disclosure
CVSS 5.3
CVE-2018-14023 MEDIUM
Open Whisper Signal <1.15.0-beta.10 - Info Disclosure
CVSS 4.0
CVE-2018-14079 HIGH
Wi2be SMART HP WMT R1.2.20_201400922 - Info Disclosure
CVSS 7.5
CVE-2018-1000645 MEDIUM
LibreHealthIO lh-ehr <REL-2.0.0 - Info Disclosure
CVSS 6.5
CVE-2018-1000635 MEDIUM
OMERO.server <5.4.6 - Info Disclosure
CVSS 6.7
CVE-2018-1000633 HIGH
OMERO.web < 5.4.7 - Exposure of Sensitive Information via Login and Password Change Logs
CVSS 7.2
CVE-2018-15594 MEDIUM
Linux Kernel < 4.18.1 - Exposure of Sensitive Information via Paravirtual Indirect Call Mishandling
CVSS 5.5
CVE-2018-15357 MEDIUM
Eltex ESP-200 <1.2.0 - Info Disclosure
CVSS 6.5
CVE-2018-8398 MEDIUM
Windows GDI - Information Disclosure via Memory Contents
CVSS 6.5
CVE-2018-8396 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component
CVSS 4.7
CVE-2018-8394 MEDIUM
Windows GDI - Information Disclosure via Memory Contents
CVSS 6.5
CVE-2018-8382 MEDIUM
Microsoft Excel - Information Disclosure via Memory Contents Exposure
CVSS 5.5
CVE-2018-8370 LOW
Microsoft Edge - Information Disclosure via WebAudio Library
CVSS 3.1
CVE-2018-8360 HIGH
Microsoft .NET Framework - Info Disclosure
CVSS 7.5
CVE-2018-8348 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Object Handling
CVSS 4.7
CVE-2018-8341 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Handling
CVSS 4.7
CVE-2018-3646 MEDIUM
Speculative Execution - Info Disclosure
CVSS 5.6
CVE-2018-14348 HIGH
libcgroup <= 0.41 - Exposure of Sensitive Information via Log File Permissions
CVSS 8.1
CVE-2018-15125 HIGH
Zipato Zipabox Firmware - Exposure of Sensitive Information
CVSS 7.5
CVE-2018-14785 HIGH
NetComm Wireless NWL-25 Firmware < 2.0.29.11 - Unauthenticated Information Exposure via Directory Listing
CVSS 7.5
CVE-2018-14782 HIGH
NetComm Wireless NWL-25 Firmware < 2.0.29.11 - Unauthenticated Configuration File Access
CVSS 7.5
CVE-2018-7686 HIGH
Micro Focus eDirectory < 9.1.1 - Information Disclosure via Shared Memory
CVSS 7.5
CVE-2018-14735 HIGH
Hitachi Command Suite 8.5.3 - Info Disclosure
CVSS 7.5
CVE-2018-10915 HIGH
Redhat Openstack < 9.3.24 - Information Disclosure
CVSS 8.5
Details
Vulnerabilities 10,167
Exploit Likelihood High