CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-31051 MEDIUM
semantic-release 17.0.4-19.0.3 - Exposure of Sensitive Information via URI Encoding Bypass
CVSS 4.4
CVE-2022-31033 MEDIUM
mechanize < 2.8.5 - Authorization Header Exposure via Redirect to Different Port
CVSS 5.9
CVE-2022-30556 HIGH
Apache HTTP Server < 2.4.54 - Exposure of Sensitive Information via Buffer Length Mismanagement
CVSS 7.5
CVE-2022-28614 MEDIUM
Apache HTTP Server <2.4.53 - Memory Corruption
CVSS 5.3
CVE-2022-30743 MEDIUM
Samsung Account <13.2.00.6 - Privilege Escalation
CVSS 5.3
CVE-2022-30742 LOW
Find My Mobile <7.2.24.12 - Info Disclosure
CVSS 3.3
CVE-2022-30741 LOW
Find My Mobile <7.2.24.12 - Info Disclosure
CVSS 3.3
CVE-2022-30740 MEDIUM
Samsung Internet <17.0.1.69 - Info Disclosure
CVSS 4.1
CVE-2022-30737 MEDIUM
Samsung Account <13.2.00.6 - Info Disclosure
CVSS 4.0
CVE-2022-30736 MEDIUM
Samsung Account <13.2.00.6 - Privilege Escalation
CVSS 5.3
CVE-2022-30735 MEDIUM
Samsung Account <13.2.00.6 - Privilege Escalation
CVSS 5.9
CVE-2022-30734 MEDIUM
Samsung Account <13.2.00.6 - Info Disclosure
CVSS 4.0
CVE-2022-30733 MEDIUM
Samsung Account <13.2.00.6 - Info Disclosure
CVSS 4.0
CVE-2022-30732 MEDIUM
Samsung Account <13.2.00.6 - Info Disclosure
CVSS 5.5
CVE-2022-30586 HIGH
Gradle Enterprise <= 2022.2.2 - Incorrect Access Control
CVSS 7.2
CVE-2022-28224 MEDIUM
Calico < 3.20.5, Calico Enterprise < 3.11.4, Calico 3.22.0-3.22.1 - Route Hijacking via Floating IP Annotation
CVSS 5.5
CVE-2022-26869 CRITICAL
Dell PowerStore <2.1.0 - Open Redirect
CVSS 9.8
CVE-2022-27775 HIGH
curl 7.65.0-7.82.0 - Information Disclosure via IPv6 Connection Reuse
CVSS 7.5
CVE-2022-29235 MEDIUM
BigBlueButton <2.3.18, <2.4-rc-6 - Info Disclosure
CVSS 5.3
CVE-2022-29232 MEDIUM
BigBlueButton <2.3.9, <2.4-beta-1 - Info Disclosure
CVSS 6.5
CVE-2022-24414 HIGH
Dell EMC CloudLink <7.1.3 - Info Disclosure
CVSS 7.6
CVE-2022-20821 MEDIUM KEV
Cisco IOS XR - Unauthenticated Redis Instance Exposure via Health Check RPM
CVSS 6.5
CVE-2022-29248 HIGH
Guzzle < 6.5.6 - Cookie Domain Validation Bypass
CVSS 8.0
CVE-2022-1815 HIGH
drawio < 18.1.2 - Server-Side Request Forgery
CVSS 7.5
CVE-2022-29567 MEDIUM
Vaadin 14.8.5-14.8.9, 22.0.6-22.0.14, 23.0.0.beta2-23.0.8, 23.1.0.alpha1-23.1.0.alpha4 - TreeGrid Information Disclosure
CVSS 5.7