CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-36075 LOW
Nextcloud Files Access Control <1.12.2-1.14.1 - Info Disclosure
CVSS 2.6
CVE-2022-36074 MEDIUM
Nextcloud <24.0.3 - Info Disclosure
CVSS 6.4
CVE-2022-31143 MEDIUM
GLPI < 10.0.3 - Exposure of Sensitive Information via Setup Configuration
CVSS 5.3
CVE-2022-32244 MEDIUM
SAP BusinessObjects Business Intelligence - Authenticated Exposure of Sensitive System Data via Commentary Database
CVSS 5.2
CVE-2022-36101 MEDIUM
Shopware < 5.7.15 - Exposure of Sensitive Information in Backend Customer Detail View
CVSS 5.4
CVE-2022-31221 LOW
Dell BIOS < 1.1.66 - Authenticated Sensitive Information Exposure
CVSS 2.3
CVE-2022-36878 LOW
Samsung Find My Mobile < 7.2.25.14 - Exposure of Sensitive Information via Log
CVSS 3.3
CVE-2022-36877 LOW
Samsung Members < 4.3.00.11 (Global) and < 14.0.02.4 (China) - Sensitive Information Exposure in FaqSymptomCardViewModel
CVSS 2.8
CVE-2022-38400 MEDIUM
Mailform Pro CGI <4.3.1 - Info Disclosure
CVSS 5.9
CVE-2022-36079 HIGH
Parse Server <4.10.14-5.2.5 - Info Disclosure
CVSS 8.6
CVE-2022-34867 HIGH
WP Libre Form 2 2.0.0-2.0.8 - Unauthenticated Sensitive Information Disclosure
CVSS 7.3
CVE-2022-2939 MEDIUM
WP Cerber Security < 9.0 - Unauthenticated User Enumeration via Author Parameter
CVSS 5.3
CVE-2022-2462 MEDIUM
Transposh WordPress Translation <= 1.0.9.6 - Unauthenticated Sensitive Information Disclosure via tp_history AJAX Action
CVSS 5.3
CVE-2022-31176 HIGH
grafana-image-renderer < 3.6.1 - Unauthorized File Disclosure via Fake Datasource
CVSS 8.3
CVE-2022-2806 MEDIUM
ovirt-log-collector/sosreport - Info Disclosure
CVSS 5.5
CVE-2022-2739 MEDIUM
Red Hat Enterprise Linux 7 Extras Podman - Exposure of Sensitive Information via Environment Variables
CVSS 5.3
CVE-2022-1663 MEDIUM
Stop Spam Comments < 0.2.1.2 - Unauthenticated Exposure of Sensitive Information via JavaScript Access Token
CVSS 6.5
CVE-2022-0851 MEDIUM
convert2rhel - Exposure of Sensitive Information via Command Line Argument
CVSS 5.5
CVE-2022-0850 HIGH
Linux Kernel < 4.4.276 - Information Disclosure via ext4_extent_header
CVSS 7.1
CVE-2022-0812 MEDIUM
Linux Kernel < 5.8.0 - Information Disclosure in NFS over RDMA
CVSS 4.3
CVE-2022-32742 MEDIUM
Samba < 4.14.14 - Exposure of Sensitive Information via SMB1 Write Request
CVSS 4.3
CVE-2022-31238 MEDIUM
Dell PowerScale OneFS <9.4.0.2 - Info Disclosure
CVSS 4.7
CVE-2022-34776 MEDIUM
tabit < 3.27.0 - Unauthenticated Exposure of Sensitive Information via Tiny URL Redirect
CVSS 5.5
CVE-2022-2558 MEDIUM
Simple Job Board WP <2.10.0 - Path Traversal
CVSS 5.3
CVE-2022-30693 MEDIUM
Cybozu Office <10.8.5 - Info Disclosure
CVSS 5.3