CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2018-0830 MEDIUM
Windows Kernel - Information Disclosure via Memory Object Handling
CVSS 4.7
CVE-2018-0829 MEDIUM
Windows Kernel - Information Disclosure via Memory Object Handling
CVSS 4.7
CVE-2018-0763 LOW
Microsoft Edge - Information Disclosure via Memory Object Handling
CVSS 3.1
CVE-2018-0761 MEDIUM
Microsoft Windows 7 and Windows Server 2008 - Information Disclosure in EOT Font Engine
CVSS 5.5
CVE-2018-0760 MEDIUM
Microsoft Windows 7, Windows Server 2008, and Windows Server 2012 - Information Disclosure in EOT Font Engine
CVSS 5.5
CVE-2018-0755 MEDIUM
Windows 7 SP1 and Windows Server 2008 R2 - Information Disclosure in EOT Font Engine
CVSS 5.5
CVE-2018-6293 HIGH
Saperion Web Client 7.5.2 83166 - Unauthenticated Arbitrary File Read
CVSS 7.5
CVE-2018-6881 MEDIUM
Dedecms - Information Disclosure
CVSS 5.3
CVE-2018-1052 MEDIUM
PostgreSQL 10.x < 10.2 - Authenticated Memory Disclosure via Partitioned Table Insert
CVSS 6.5
CVE-2018-6846 MEDIUM
Z-BlogPHP 1.5.1 - Path Disclosure via Direct Request to Upload Library
CVSS 5.3
CVE-2018-0140 MEDIUM
Cisco Email Security Appliance - Unauthorized Spam Quarantine Access via Browser Manipulation
CVSS 6.5
CVE-2018-0134 MEDIUM
Cisco Mobility Services Engine - Unauthenticated Sensitive Information Exposure via RADIUS Authentication Response
CVSS 5.3
CVE-2018-0127 CRITICAL
Cisco RV132W and RV134W - Unauthenticated Information Disclosure via Web Interface
CVSS 9.8
CVE-2018-1388 HIGH
IBM WebSphere MQ - Exposure of Sensitive Information via PKCS#1 Padding Side Channel
CVSS 7.5
CVE-2018-6806 MEDIUM
marked_2 < 2.5.11 - Exposure of Sensitive Information via x-marked://preview URL
CVSS 6.5
CVE-2018-6790 MEDIUM
KDE Plasma Workspace < 5.12.0 - Exposure of Client IP Address via Notification URL
CVSS 5.3
CVE-2018-6610 HIGH
jlike 1.0 - Exposure of Sensitive Information via task Parameter
CVSS 7.5
CVE-2018-6188 HIGH
Django <2.0.2, 1.11.8-1.11.9 - Info Disclosure
CVSS 7.5
CVE-2018-6596 CRITICAL
django-anymail < 1.2.1 - Timing Attack on WEBHOOK_AUTHORIZATION Secret
CVSS 9.1
CVE-2018-6526 MEDIUM
MantisBT < 2.10.0 - Path Disclosure via Invalid Filter Parameter
CVSS 5.3
CVE-2018-1192 HIGH
Cloud Foundry Foundation cf-release <v285 - Info Disclosure
CVSS 8.8
CVE-2018-6470 MEDIUM
nibbleblog 4.0.5 - Unauthorized Sensitive Information Exposure via .DS_Store Files
CVSS 5.3
CVE-2018-6460 HIGH
Hotspot Shield - Unauthenticated Sensitive Information Exposure via JSONP Callback Parameter
CVSS 7.5
CVE-2018-6412 HIGH
Linux Kernel < 4.15 - Information Disclosure via sbusfb_ioctl_helper Integer Signedness Error
CVSS 7.5
CVE-2018-6008 HIGH
Jtag Members Directory 5.3.7 - Info Disclosure
CVSS 7.5