CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-9014 HIGH
dsmall v20180320 - Physical Path Leakage via pdr_sn Parameter
CVSS 7.5
CVE-2018-3626 MEDIUM
Intel SGX SDK < 1.9.6 - Unauthorized Information Exposure via Edger8r Tool
CVSS 4.7
CVE-2018-1322 MEDIUM
Apache Syncope 1.2.0-1.2.10 - Information Disclosure via FIQL and ORDER BY Parameters
CVSS 4.9
CVE-2018-1000135 HIGH
GNOME NetworkManager <1.10.2 - Info Disclosure
CVSS 7.5
CVE-2018-8770 MEDIUM
Western Bridge Cobub Razor 0.8.0 - Info Disclosure
CVSS 5.3
CVE-2018-1200 MEDIUM
Pivotal Application Service 1.11.x < 1.11.26 - Unauthenticated Remote File Read via Apps Manager
CVSS 6.5
CVE-2018-7704 MEDIUM
SecurEnvoy SecurMail <9.2.501 - Info Disclosure
CVSS 6.5
CVE-2018-2402 HIGH
SAP HANA 1.00 and 2.00 - Unauthorized Exposure of User Credentials in Indexserver Trace Files
CVSS 7.6
CVE-2018-7496 MEDIUM
OSIsoft PI Vision < 2017 - Information Exposure via Server Response Headers
CVSS 5.3
CVE-2018-0932 MEDIUM
Microsoft Edge and Internet Explorer - Information Disclosure via Memory Object Handling
CVSS 4.3
CVE-2018-0929 MEDIUM
Internet Explorer - Information Disclosure via Memory Object Handling
CVSS 4.3
CVE-2018-0927 MEDIUM
Internet Explorer and Edge - Information Disclosure via Memory Object Handling
CVSS 4.3
CVE-2018-0904 MEDIUM
Windows Kernel - Information Disclosure via Memory Address Handling
CVSS 4.7
CVE-2018-0900 MEDIUM
Windows Kernel - Information Disclosure via Memory Address Handling
CVSS 4.7
CVE-2018-0899 MEDIUM
Windows Kernel - Information Disclosure via Memory Address Handling
CVSS 4.7
CVE-2018-0898 MEDIUM
Windows Kernel - Information Disclosure via Memory Address Handling
CVSS 4.7
CVE-2018-0896 MEDIUM
Windows Kernel - Information Disclosure via Memory Address Handling
CVSS 4.7
CVE-2018-0879 HIGH
Microsoft Edge - Information Disclosure via Memory Object Handling
CVSS 7.5
CVE-2018-1000126 HIGH
Ajenti 2 - Information Disclosure in Config File
CVSS 7.5
CVE-2018-1323 HIGH
Apache Tomcat JK Connector 1.2.0-1.2.42 - Path Traversal via IIS/ISAPI Request Path Normalization
CVSS 7.5
CVE-2018-8056 HIGH
Western Bridge Cobub Razor <0.8.0 - Info Disclosure
CVSS 7.5
CVE-2018-1387 MEDIUM
IBM Monitoring <8.1.4 - Info Disclosure
CVSS 5.3
CVE-2018-7755 MEDIUM
Linux kernel <4.15.7 - Info Disclosure
CVSS 5.5
CVE-2018-0218 LOW
Cisco Secure Access Control Server - XML External Entity Injection via Imported XML File
CVSS 3.3
CVE-2018-0207 LOW
Cisco Secure Access Control Server - XML External Entity Injection via Crafted XML File Import
CVSS 3.3
Details
Vulnerabilities 10,172
Exploit Likelihood High