CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-5118 MEDIUM
Firefox < 58 - Sensitive Local File Exposure via Activity Stream Screenshot Feature
CVSS 5.3
CVE-2018-5115 HIGH
Firefox < 58 - Exposure of Sensitive Information via HTTP Authentication Prompt
CVSS 7.5
CVE-2018-5114 MEDIUM
Firefox < 58 - HttpOnly Cookie Information Exposure via Script Access
CVSS 5.3
CVE-2018-5108 MEDIUM
Firefox < 58 - Exposure of Sensitive Information via Blob URL Origin Attribute Violation
CVSS 4.3
CVE-2018-5106 MEDIUM
Firefox < 58 - Cross-Origin Information Leak via Developer Tools Style Editor
CVSS 5.3
CVE-2018-12089 HIGH
Octopus Deploy <2018.5.7 - Info Disclosure
CVSS 7.5
CVE-2018-1281 MEDIUM
Apache MXNet < 1.0.0 - Unintended Network Exposure via DMLC_PS_ROOT_URI Bypass
CVSS 6.5
CVE-2018-4252 MEDIUM
iPhone OS < 11.4 - Lock-Screen Bypass via Siri
CVSS 4.6
CVE-2018-4244 MEDIUM
iPhone OS < 11.4 - Unauthorized Exposure of Private Contact Information via Siri
CVSS 4.6
CVE-2018-4239 MEDIUM
iPhone OS < 11.4 - Unauthorized Exposure of Sensitive Information via Magnifier Lock-Screen Bypass
CVSS 4.6
CVE-2018-4226 MEDIUM
iPhone OS < 11.4, macOS < 10.13.5, watchOS < 4.3.1, iCloud < 7.5, iTunes < 12.7.5 - Sensitive Information Exposure
CVSS 5.5
CVE-2018-4224 MEDIUM
Apple tvOS < 11.4 - Local Device Identifier Exposure via Security Component
CVSS 5.5
CVE-2018-4223 MEDIUM
Apple tvOS < 11.4 - Unauthorized Persistent Account Identifier Exposure
CVSS 5.5
CVE-2018-4221 HIGH
iPhone OS < 11.4 and macOS < 10.13.5 - User Tracking via S/MIME Client Certificate Transmission
CVSS 7.5
CVE-2018-4196 HIGH
macOS < 10.13.5 - Privilege Escalation and Information Disclosure via Accessibility Framework
CVSS 7.8
CVE-2018-4171 MEDIUM
macOS < 10.13.5 - Unauthorized Kernel Memory Exposure via Bluetooth Device Properties
CVSS 5.5
CVE-2018-4159 MEDIUM
macOS < 10.13.5 - Unauthorized Memory Read via Graphics Drivers
CVSS 5.5
CVE-2018-4141 MEDIUM
macOS < 10.13.5 - Unauthorized Memory Read via Intel Graphics Driver
CVSS 5.5
CVE-2018-11409 MEDIUM
Splunk < 7.0.1 - Unauthenticated Information Disclosure via Server Info Endpoint
CVSS 5.3
CVE-2018-0335 HIGH
Cisco Prime Collaboration Provisioning - Unauthenticated Sensitive Data Exposure via World-Readable Log File
CVSS 7.8
CVE-2018-10198 MEDIUM
OTRS 6.0.0-6.0.6 - Authenticated Exposure of Sensitive Information via Ticket Overview Screen
CVSS 4.3
CVE-2018-1000196 MEDIUM
Jenkins Gitlab Hook Plugin <1.4.2 - Info Disclosure
CVSS 6.5
CVE-2018-10599 MEDIUM
IntelliVue MP Series - Info Disclosure
CVSS 5.3
CVE-2018-1000191 MEDIUM
Jenkins Black Duck Detect Plugin <1.4.0 - Info Disclosure
CVSS 6.5
CVE-2018-1000190 MEDIUM
Jenkins Black Duck Hub Plugin <4.0.0 - Info Disclosure
CVSS 6.5