CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-42266 MEDIUM
NVIDIA GPU Display Driver for Windows - Unauthorized Sensitive Information Exposure via DxgkDdiEscape Handler
CVSS 5.5
CVE-2022-34674 MEDIUM
NVIDIA GPU Display Driver >=390 <390.157 - Information Disclosure in Kernel Mode Layer Handler
CVSS 6.8
CVE-2022-41767 MEDIUM
MediaWiki <1.35.8, 1.36.x, 1.37.x <1.37.5, 1.38.x <1.38.3 - Info Di...
CVSS 5.3
CVE-2022-45414 HIGH
Thunderbird < 102.5.1 - Exposure of Sensitive Information via HTML Email Tag Attributes
CVSS 8.1
CVE-2022-31746 MEDIUM
Firefox for iOS < 102.0 - Exposure of Sensitive Information via Referrer Header
CVSS 6.5
CVE-2022-29916 MEDIUM
Firefox < 100.0 and Firefox ESR < 91.9 - Browser History Probing via CSS Variable Resource Loading
CVSS 6.5
CVE-2022-22745 MEDIUM
Firefox < 96.0 and Firefox ESR < 91.5 - Exposure of Sensitive Information via Security Policy Violation Events
CVSS 6.5
CVE-2022-25948 MEDIUM
liquidjs < 10.0.0 - Information Exposure via Prototype Property Leak
CVSS 5.3
CVE-2022-3185 MEDIUM
Dataprobe iBoot-PDU Firmware < 1.42.06162022 - Exposure of Sensitive Information
CVSS 5.3
CVE-2022-46310 HIGH
TelephonyProvider - Info Disclosure
CVSS 7.5
CVE-2022-39166 MEDIUM
IBM Security Guardium 11.4 - Exposure of Sensitive Information via HTTP Response
CVSS 4.4
CVE-2022-23488 MEDIUM
BigBlueButton < 2.4-rc-6 - Unauthorized Webcam Stream Access via Lock Setting Bypass
CVSS 6.5
CVE-2022-23490 MEDIUM
BigBlueButton < 2.4.0 - Unauthorized Poll Response Exposure via Current-Poll Collection
CVSS 4.3
CVE-2022-41964 MEDIUM
BigBlueButton 2.4 Release Candidates - Authenticated Exposure of Sensitive Information via Poll Subscription
CVSS 5.7
CVE-2022-20591 MEDIUM
Android - Local Information Disclosure in ppmpu_set
CVSS 5.5
CVE-2022-46702 MEDIUM
iPadOS 16.0-16.1 - Kernel Memory Exposure via Improper Memory Handling
CVSS 5.5
CVE-2022-42866 MEDIUM
iPadOS < 16.2 - Unauthorized Sensitive Location Information Exposure
CVSS 5.5
CVE-2022-42854 MEDIUM
macOS 12.0.0-12.6.1 - Unauthorized Kernel Memory Exposure
CVSS 5.5
CVE-2022-42852 MEDIUM
Safari < 16.2 - Unauthorized Memory Disclosure via Malicious Web Content
CVSS 6.5
CVE-2022-42843 MEDIUM
iPadOS < 16.2 - Unprotected User Data Exposure
CVSS 5.5
CVE-2022-3917 MEDIUM
Motorola Moto E20 < RONS31.267-38-8 - Unauthorized Sensitive Information Exposure via Bootloader Access
CVSS 4.6
CVE-2022-47411 CRITICAL
fp_newsletter < 1.1.1, 1.2.0, 2.x < 2.1.2, 2.2.1-2.4.0, 3.x < 3.2.6 - Subscriber Data Exposure
CVSS 9.1
CVE-2022-47410 CRITICAL
fp_newsletter < 1.1.1, 1.2.0, 2.x < 2.1.2, 2.2.1-2.4.0, 3.x < 3.2.6 - Subscriber Data Exposure
CVSS 9.1
CVE-2022-23504 MEDIUM
TYPO3 < 9.5.38, 10.4.33, 11.5.20, 12.1.1 - Sensitive Information Disclosure via YAML Placeholder Expressions
CVSS 5.7
CVE-2022-46355 HIGH
SCALANCE X204RNA - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 10,151
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits