CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-8127 MEDIUM
Windows - Kernel Information Disclosure via Improper Memory Handling
CVSS 5.5
CVE-2018-8123 MEDIUM
Microsoft Edge - Information Disclosure via Improper Memory Handling
CVSS 4.3
CVE-2018-10770 CRITICAL
ShenZhen Anni 5 in 1 XVR Firmware - Unauthenticated Sensitive Information Exposure via download.rsp
CVSS 9.8
CVE-2018-6921 MEDIUM
FreeBSD 11.0-11.1 - Unauthorized Kernel Memory Exposure via Network Subsystem
CVSS 5.5
CVE-2018-6920 MEDIUM
FreeBSD 10.0-10.4 - Unauthenticated Exposure of Sensitive Information via Insufficient Memory Initialization
CVSS 5.5
CVE-2018-1000176 MEDIUM
Jenkins Email Extension Plugin <2.61 - Info Disclosure
CVSS 6.5
CVE-2018-10734 CRITICAL
KONGTOP A303 A403 D303 D305 D403 Firmware - Unauthenticated Sensitive Information Exposure via Print_Password Function
CVSS 9.8
CVE-2018-10229 MEDIUM
GPU Memory Modules - Info Disclosure
CVSS 4.8
CVE-2018-0288 MEDIUM
Cisco WebEx Meetings Online - Unauthenticated Sensitive Information Exposure via Malicious WRF File
CVSS 5.3
CVE-2018-0278 MEDIUM
Cisco Secure Firewall Management Center - Unauthenticated Sensitive Information Exposure via WebSocket
CVSS 6.5
CVE-2018-0245 MEDIUM
Cisco 5500 and 8500 Series Wireless LAN Controller Software - Unauthenticated Information Disclosure via REST API URL
CVSS 5.3
CVE-2018-1468 MEDIUM
IBM API Connect <5.0.8.2 - Info Disclosure
CVSS 4.3
CVE-2018-10583 HIGH
LibreOffice 6.0.3 - Apache OpenOffice Writer 4.1.5 - Info Disclosure
CVSS 7.5
CVE-2018-10581 MEDIUM
Octopus Deploy <2018.4.7 - Info Disclosure
CVSS 5.4
CVE-2018-10545 MEDIUM
PHP < 5.6.35, 7.0.x < 7.0.29, 7.1.x < 7.1.16, 7.2.x < 7.2.4 - Sensitive Info Exposure via FPM
CVSS 4.7
CVE-2018-10523 MEDIUM
CMS Made Simple < 2.2.7 - Physical Path Leakage via DesignManager or FileManager Endpoints
CVSS 5.3
CVE-2018-10522 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Sensitive Information Disclosure via File View Operation
CVSS 4.9
CVE-2018-10516 MEDIUM
CMS Made Simple < 2.2.7 - Authenticated Sensitive Information Disclosure via File Rename Operation
CVSS 6.5
CVE-2018-10472 MEDIUM
Xen < 4.10.1 - Unauthorized File Read via QMP CDROM Insertion
CVSS 5.6
CVE-2018-1074 HIGH
ovirt-engine < 4.2.2.5 and 4.1.11.1 - Insufficiently Protected Power Management Credentials
CVSS 7.7
CVE-2018-10424 LOW
MiniCMS 1.10 - Full Path Disclosure via Post Edit ID Field
CVSS 2.7
CVE-2018-10423 LOW
MiniCMS 1.10 - Exposure of Sensitive Information via Directory Listing
CVSS 2.7
CVE-2018-1059 MEDIUM
Canonical Ubuntu Linux < 18.02.1 - Information Disclosure
CVSS 6.1
CVE-2018-8880 HIGH
Lutron Quantum BACnet Integration <3.2.243 - Info Disclosure
CVSS 7.5
CVE-2018-10245 MEDIUM
awstats < 7.6 - Full Path Disclosure via framename and update Parameters
CVSS 5.3