CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-7675 LOW
NetIQ Sentinel < 8.1 - Exposure of Sensitive Information via Session Timeout
CVSS 2.8
CVE-2018-7737 MEDIUM
Z-BlogPHP <1.5.1.1740 - Info Disclosure
CVSS 5.3
CVE-2018-5467 MEDIUM
Belden Hirschmann - Info Disclosure
CVSS 6.5
CVE-2018-6808 HIGH
NetScaler ADC and Gateway 10.5, 11.0, 11.1, 12.0 - Unauthenticated Arbitrary File Read
CVSS 7.5
CVE-2018-7668 HIGH
TestLink < 1.9.16 - Unauthenticated Arbitrary File Read via Modified ID Field
CVSS 7.5
CVE-2018-7662 MEDIUM
Couch < 2.0 - Unauthenticated Full Path Disclosure via Direct Request
CVSS 5.3
CVE-2018-7661 MEDIUM
Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Unauthenticated Audio Data Exposure via TCP Ports 8257 and 8258
CVSS 5.3
CVE-2018-7556 CRITICAL
LimeSurvey <2.6.7, 2.7x.x<2.73.1, 3.x<3.4.2 - Sensitive Information Exposure
CVSS 9.1
CVE-2018-7250 MEDIUM
Windows Vista, 7, 8, and 8.1 - Uninitialized Kernel Pool Memory Exposure via secdrv.sys IOCTL 0xCA002813
CVSS 5.5
CVE-2018-7317 HIGH
Proclaim 9.1.1 - Unauthenticated Sensitive Information Exposure via Backup File Download
CVSS 7.5
CVE-2018-1392 LOW
IBM Financial Transaction Manager <3.1.0 - Info Disclosure
CVSS 3.1
CVE-2018-7276 HIGH
Lutron Quantum BACnet Integration 2.0 - Exposure of Sensitive Information via DbXmlInfo.xml Request
CVSS 7.5
CVE-2018-7273 MEDIUM
Linux Kernel < 4.15.4 - Kernel Address Exposure via Floppy Driver Printk
CVSS 5.5
CVE-2018-7272 MEDIUM
ForgeRock Access Management < 5.5.0 - Exposure of Sensitive Information via SSOToken ID in REST API URLs
CVSS 6.5
CVE-2018-6487 CRITICAL
Micro Focus Universal CMDB Foundation Software Remote Information Disclosure
CVSS 9.8
CVE-2018-5477 MEDIUM
ABB netCADOPS <8.1 - Info Disclosure
CVSS 5.8
CVE-2018-7251 CRITICAL
Anchor CMS < 0.12.7 - Sensitive Information Exposure via Error Log
CVSS 9.8
CVE-2018-6591 MEDIUM
Converse.js < 3.3 - Unintended Exposure of Sensitive Information
CVSS 5.3
CVE-2018-7210 HIGH
iDashboards < 9.6b - Unauthenticated Sensitive Information Exposure via config CMD Parameter
CVSS 7.5
CVE-2018-7209 HIGH
iDashboards < 9.6b - Unauthenticated Sensitive Information Exposure via config.xml Direct Request
CVSS 7.5
CVE-2018-1000068 MEDIUM
Jenkins <2.106-2.89.3 - Info Disclosure
CVSS 5.3
CVE-2018-7056 MEDIUM
RoomWizard < 4.4.0 - Unauthenticated Sensitive Information Exposure via getGroupTimeLineJSON.action
CVSS 5.3
CVE-2018-0855 MEDIUM
Microsoft Windows 7 SP1 and Windows Server 2008 R2 - Information Disclosure in EOT Font Engine
CVSS 4.3
CVE-2018-0843 MEDIUM
Windows 10 1709 and Windows Server 2016 1709 - Kernel Information Disclosure via Memory Object Handling
CVSS 4.7
CVE-2018-0839 MEDIUM
Microsoft Edge - Information Disclosure via Memory Object Handling
CVSS 4.3