CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-1000147 MEDIUM
Jenkins Perforce Plugin <1.3.36 - Info Disclosure
CVSS 6.5
CVE-2018-1000145 MEDIUM
Jenkins Perforce Plugin <1.3.36 - Info Disclosure
CVSS 6.5
CVE-2018-1000143 MEDIUM
Jenkins GitHub Pull Request Builder Plugin <1.39.0 - Info Disclosure
CVSS 6.7
CVE-2018-1000142 HIGH
Jenkins GitHub Pull Request Builder Plugin <1.39.0 - Info Disclosure
CVSS 7.8
CVE-2018-1097 HIGH
Foreman < 1.16.1 - Exposure of Compute Resource Credentials via oVirt/RHV Power Management
CVSS 8.8
CVE-2018-9126 CRITICAL
DNNArticle 11 for DNN - Unauthenticated Sensitive Information Exposure via GetCSS.ashx URI
CVSS 9.8
CVE-2018-9275 HIGH
Yubico PAM 2.18-2.25 - Information Disclosure and Denial of Service via File Descriptor Leak
CVSS 8.2
CVE-2018-6919 HIGH
FreeBSD 10.0-10.3 - Unauthorized Kernel Memory Exposure via Insufficient Memory Initialization
CVSS 7.5
CVE-2018-3598 HIGH
Qualcomm Android <2018-04-05 - Info Disclosure
CVSS 7.5
CVE-2018-4168 MEDIUM
iPhone OS < 11.3 - Unauthorized Sensitive Information Exposure via Files Widget
CVSS 4.6
CVE-2018-4138 MEDIUM
macOS < 10.13.4 - Unauthorized Memory Read via NVIDIA Graphics Drivers
CVSS 5.5
CVE-2018-4137 HIGH
Safari < 11.1 - Unauthenticated Exposure of Sensitive Information via Login AutoFill
CVSS 7.5
CVE-2018-4123 LOW
iPhone OS < 11.3 - Unauthorized iTunes Email Address Exposure via Clock Alarm Handling
CVSS 2.4
CVE-2018-4117 MEDIUM
Safari < 11.1 - Same Origin Policy Bypass via Fetch API
CVSS 6.5
CVE-2018-4104 MEDIUM
iPhone OS < 11.3, macOS < 10.13.4, tvOS < 11.3, watchOS < 4.3 - Kernel Memory Read Restriction Bypass
CVSS 5.5
CVE-2018-4093 MEDIUM
Apple tvOS < 11.2.5 - Kernel Memory Read Restriction Bypass
CVSS 5.5
CVE-2018-4090 MEDIUM
Apple tvOS < 11.2.5 - Kernel Memory Read Restriction Bypass
CVSS 5.5
CVE-2018-4084 MEDIUM
macOS < 10.13.3 - Unauthorized Memory Read via Wi-Fi Component
CVSS 5.5
CVE-2018-6849 MEDIUM
DuckDuckGo 4.2.0 - Private IP Address Exposure via WebRTC STUN Request
CVSS 4.3
CVE-2018-1234 MEDIUM
RSA Authentication Agent for Web < 8.0.1 - Unauthorized Configuration Exposure via Named Pipe ACL
CVSS 5.5
CVE-2018-3817 MEDIUM
Logstash < 5.6.6 and 6.x < 6.1.2 - Sensitive Information Disclosure in Deprecated Settings Log
CVSS 6.5
CVE-2018-1191 HIGH
Cloud Foundry Garden-runC <1.11.0 - Info Disclosure
CVSS 8.8
CVE-2018-6608 MEDIUM
Opera Browser 51.0.2830.55 - Exposure of Sensitive Information via WebRTC STUN Request
CVSS 4.3
CVE-2018-7676 LOW
NetIQ Identity Manager < 4.7 - Sensitive Information Exposure via Userapp Log/Trace
CVSS 3.9
CVE-2018-9056 MEDIUM
Intel Atom C/E/X3 - Unauthorized Information Disclosure via BranchScope Side-Channel Attack
CVSS 5.6