CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
8,649 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-200 (page 64 of 173)
- CVE-2018-3760 | HIGH | CVSS 7.5 | EG 9.0 | 2018-06-26
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exist on the filesystem that is outside an a…
- CVE-2018-3809 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-06-01
Information exposure through directory listings in serve 6.5.3 allows directory listing and file access even when they have been set to be ignored.
- CVE-2018-3813 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-01-01
getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 has Incorrect Access Control, as demonstrated by reading the AVI_USER_ID and AVI_USER_PASSWORD fields via a direct request.
- CVE-2018-3817 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-03-30
When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information.
- CVE-2018-3826 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-09-19
In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. When the access_key and security_key parameters are set using the _snapshot API they can be exposed as plain text by users able to query the _…
- CVE-2018-3831 | HIGH | CVSS 8.8 | EG 8.8 | 2018-09-19
Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings API, when queried, could leak sensitive configuratio…
- CVE-2018-3837 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-04-10
An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in infor…
- CVE-2018-3838 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-04-10
An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. A specially crafted XCF image can cause an out-of-bounds read on the heap, resulting in information disc…
- CVE-2018-3854 | HIGH | CVSS 7.1 | EG 7.1 | 2018-12-03
An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowin…
- CVE-2018-3928 | HIGH | CVSS 7.5 | EG 7.5 | 2018-11-01
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can se…
- CVE-2018-3947 | HIGH | CVSS 8.1 | EG 8.1 | 2018-11-01
An exploitable information disclosure vulnerability exists in the phone-to-camera communications of Yi Home Camera 27US 1.8.7.0D. An attacker can sniff network traffic to exploit this vulnerability.
- CVE-2018-3986 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-01-03
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, eith…
- CVE-2018-3987 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-02-13
An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigge…
- CVE-2018-3988 | MEDIUM | CVSS 4.7 | EG 4.7 | 2018-12-10
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, whi…
- CVE-2018-4052 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-04-02
An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessibl…
- CVE-2018-4067 | MEDIUM | CVSS 6.5 | EG 6.5 | 2019-05-06
An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information leak, resulting in the disclos…
- CVE-2018-4068 | MEDIUM | CVSS 5.3 | EG 5.3 | 2019-05-06
An exploitable information disclosure vulnerability exists in the ACEManager functionality of Sierra Wireless AirLink ES450 FW 4.9.3. An HTTP request can result in disclosure of the default configuration for the device. An attacker can send…
- CVE-2018-4069 | HIGH | CVSS 7.5 | EG 7.5 | 2019-05-06
An information disclosure vulnerability exists in the ACEManager authentication functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The ACEManager authentication functionality is done in plaintext XML to the web server. An attacker ca…
- CVE-2018-4070 | HIGH | CVSS 8.8 | EG 8.8 | 2019-05-06
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. This binary does not have any restricted configuration settings, so once the MSCI…
- CVE-2018-4071 | HIGH | CVSS 8.8 | EG 8.8 | 2019-05-06
An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGet_Task.cgi executable is used to retrieve MSCII configuration …
- CVE-2018-4084 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-04-03
An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Wi-Fi" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
- CVE-2018-4090 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows atta…
- CVE-2018-4093 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Kernel" component. It allows atta…
- CVE-2018-4104 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "Kernel" component. It allows attackers …
- CVE-2018-4117 | MEDIUM | CVSS 6.5 | EG 6.5 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issu…
- CVE-2018-4123 | LOW | CVSS 2.4 | EG 2.4 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address.
- CVE-2018-4137 | HIGH | CVSS 7.5 | EG 7.5 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack…
- CVE-2018-4138 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-04-03
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
- CVE-2018-4141 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
- CVE-2018-4159 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
- CVE-2018-4168 | MEDIUM | CVSS 4.6 | EG 4.6 | 2018-04-03
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached d…
- CVE-2018-4171 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages de…
- CVE-2018-4179 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-01-11
In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic.
- CVE-2018-4185 | HIGH | CVSS 7.5 | EG 7.5 | 2019-01-11
In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
- CVE-2018-4186 | HIGH | CVSS 7.5 | EG 7.5 | 2019-01-11
In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation.
- CVE-2018-4196 | HIGH | CVSS 7.8 | EG 7.8 | 2018-06-08
An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive info…
- CVE-2018-4217 | HIGH | CVSS 7.5 | EG 7.5 | 2019-01-11
In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing.
- CVE-2018-4221 | HIGH | CVSS 7.5 | EG 7.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Security" component. It allows web sites to track users by leveraging the transmission of S/MIME clie…
- CVE-2018-4223 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Security" component. It allows local …
- CVE-2018-4224 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS …
- CVE-2018-4226 | MEDIUM | CVSS 5.5 | EG 5.5 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. watchOS before 4.3.1 is affected. The …
- CVE-2018-4239 | MEDIUM | CVSS 4.6 | EG 4.6 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Magnifier" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and see the most recent M…
- CVE-2018-4244 | MEDIUM | CVSS 4.6 | EG 4.6 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri Contacts" component. It allows physically proximate attackers to discover private contact information via Siri.
- CVE-2018-4252 | MEDIUM | CVSS 4.6 | EG 4.6 | 2018-06-08
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Siri" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notificatio…
- CVE-2018-4289 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-04-03
An information disclosure issue was addressed by removing the vulnerable code. This issue affected versions prior to macOS High Sierra 10.13.6.
- CVE-2018-4300 | MEDIUM | CVSS 5.9 | EG 5.9 | 2019-04-03
The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.
- CVE-2018-4311 | HIGH | CVSS 8.1 | EG 8.1 | 2019-04-03
The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
- CVE-2018-4325 | LOW | CVSS 2.4 | EG 2.4 | 2019-04-03
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.
- CVE-2018-4352 | LOW | CVSS 3.3 | EG 3.3 | 2019-04-03
A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. This issue affected versions prior to iOS 12.
- CVE-2018-4355 | MEDIUM | CVSS 5.5 | EG 5.5 | 2019-04-03
A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.