CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
8,639 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-200 (page 63 of 173)
- CVE-2018-20870 MEDIUM CVSS 5.5 EG 5.5 2019-07-30
The WebDAV transport feature in cPanel before 76.0.8 enables debug logging (SEC-467).
- CVE-2018-20889 MEDIUM CVSS 4.4 EG 4.4 2019-08-01
cPanel before 74.0.0 allows certain file-read operations via password file caching (SEC-425).
- CVE-2018-20894 LOW CVSS 3.3 EG 3.3 2019-08-01
cPanel before 74.0.0 makes web-site contents accessible to other local users via Git repositories (SEC-443).
- CVE-2018-20902 MEDIUM CVSS 5.5 EG 5.5 2019-08-01
cPanel before 71.9980.37 allows attackers to read root's crontab file by leveraging ClamAV installation (SEC-408).
- CVE-2018-20913 MEDIUM CVSS 4.9 EG 4.9 2019-08-01
cPanel before 70.0.23 allows attackers to read the root accesshash via the WHM /cgi/trustclustermaster.cgi (SEC-364).
- CVE-2018-20939 LOW CVSS 3.3 EG 3.3 2019-08-01
cPanel before 68.0.27 allows a user to discover contents of directories (that are not owned by that user) by leveraging backups (SEC-339).
- CVE-2018-20941 MEDIUM CVSS 5.6 EG 5.6 2019-08-01
cPanel before 68.0.27 allows arbitrary file-read operations via restore adminbin (SEC-349).
- CVE-2018-20942 LOW CVSS 2.5 EG 2.5 2019-08-01
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon configuring crontab (SEC-351).
- CVE-2018-20943 LOW CVSS 2.5 EG 2.5 2019-08-01
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352).
- CVE-2018-20944 LOW CVSS 3.3 EG 3.3 2019-08-01
cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353).
- CVE-2018-20946 LOW CVSS 3.3 EG 3.3 2019-08-01
cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archive_sync_zones script (SEC-355).
- CVE-2018-20952 MEDIUM CVSS 6.5 EG 6.5 2019-08-01
cPanel before 68.0.27 creates world-readable files during use of WHM Apache Includes Editor (SEC-388).
- CVE-2018-20958 MEDIUM CVSS 6.5 EG 6.5 2019-08-07
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.
- CVE-2018-21011 HIGH CVSS 7.5 EG 7.5 2019-09-09
The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details.
- CVE-2018-21019 HIGH CVSS 7.5 EG 7.5 2019-09-23
Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py.
- CVE-2018-21026 HIGH CVSS 7.5 EG 7.5 2019-11-12
A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information.
- CVE-2018-21034 MEDIUM CVSS 6.5 EG 6.5 2020-04-09
In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.
- CVE-2018-21043 LOW CVSS 3.3 EG 3.3 2020-04-08
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (De…
- CVE-2018-21045 MEDIUM CVSS 6.2 EG 6.2 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018).
- CVE-2018-21048 MEDIUM CVSS 6.2 EG 6.2 2020-04-08
An issue was discovered on Samsung mobile devices with O(8.x) software. There is a Notification leak on a locked device in Standalone Dex mode. The Samsung ID is SVE-2018-12925 (November 2018).
- CVE-2018-21053 MEDIUM CVSS 4.6 EG 4.6 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).
- CVE-2018-21056 MEDIUM CVSS 4.6 EG 4.6 2020-04-08
An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018).
- CVE-2018-21059 HIGH CVSS 7.5 EG 7.5 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard content visibility in the locked state via the emergency contact picker. The Samsung ID is SVE-2018-11806 (September 2018).
- CVE-2018-21060 HIGH CVSS 7.5 EG 7.5 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is a Keyboard learned words leak in the locked state via the emergency contact picker. The Samsung IDs are SVE-2018-11989, SVE-2018-11990 (September 2…
- CVE-2018-21067 MEDIUM CVSS 5.3 EG 5.3 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018).
- CVE-2018-21069 HIGH CVSS 7.5 EG 7.5 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software. There is information disclosure (of kernel stack memory) in a MediaTek driver. The Samsung ID is SVE-2018-11852 (July 2018).
- CVE-2018-21071 HIGH CVSS 7.3 EG 7.3 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018).
- CVE-2018-21073 LOW CVSS 2.4 EG 2.4 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 …
- CVE-2018-21074 LOW CVSS 3.3 EG 3.3 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).
- CVE-2018-21076 MEDIUM CVSS 5.5 EG 5.5 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).
- CVE-2018-21077 LOW CVSS 2.4 EG 2.4 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-1…
- CVE-2018-21083 HIGH CVSS 7.5 EG 7.5 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2…
- CVE-2018-21129 MEDIUM CVSS 6.5 EG 6.5 2020-04-22
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.
- CVE-2018-21136 MEDIUM CVSS 4.6 EG 4.6 2020-04-23
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.
- CVE-2018-21139 HIGH CVSS 7.5 EG 7.5 2020-04-23
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D1500 before 1.0.0.27, D500 before 1.0.0.27, D6100 before 1.0.0.58, D6200 before 1.1.00.30, D6220 before 1.0.0.46, D6400 before 1.0.0.82, D7000 befor…
- CVE-2018-21143 MEDIUM CVSS 6.5 EG 6.5 2020-04-21
NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.
- CVE-2018-21168 HIGH CVSS 7.5 EG 7.5 2020-04-27
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects D7000 before 1.0.1.52, D7800 before 1.0.1.31, D8500 before 1.0.3.36, JNR1010v2 before 1.1.0.46, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.46, P…
- CVE-2018-21242 CRITICAL CVSS 9.8 EG 9.8 2020-06-04
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.
- CVE-2018-21247 HIGH CVSS 7.5 EG 7.5 2020-06-17
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.
- CVE-2018-21260 LOW CVSS 2.7 EG 2.7 2020-06-19
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.
- CVE-2018-2402 HIGH CVSS 7.6 EG 8.4 2018-03-14
In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear text in the indexserver trace files of the…
- CVE-2018-25022 LOW CVSS 3.1 EG 3.1 2021-12-13
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's…
- CVE-2018-25081 HIGH CVSS 7.5 EG 7.5 2023-03-09
Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the iclou…
- CVE-2018-3598 HIGH CVSS 7.5 EG 7.5 2018-04-03
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, insufficient validation of parameters from userspace in the camera driver ca…
- CVE-2018-3619 MEDIUM CVSS 4.6 EG 4.6 2018-07-10
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.
- CVE-2018-3621 MEDIUM CVSS 6.5 EG 6.5 2018-11-14
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
- CVE-2018-3626 MEDIUM CVSS 4.7 EG 4.7 2018-03-20
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.
- CVE-2018-3646 MEDIUM CVSS 5.6 EG 5.6 2018-08-14
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a termin…
- CVE-2018-3652 HIGH CVSS 7.6 EG 7.6 2018-07-10
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker t…
- CVE-2018-3665 MEDIUM CVSS 5.6 EG 5.6 2018-06-21
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.