CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2022-0854 MEDIUM
Linux Kernel < 5.16 - Memory Leak in DMA Subsystem
CVSS 5.5
CVE-2022-1004 MEDIUM
OTRS 7.0.0-7.0.32 - Unauthorized Exposure of Accounted Time in Ticket Detail View
CVSS 4.3
CVE-2022-25602 HIGH
ExpressTech Responsive Menu <= 4.1.7 - Arbitrary File Upload via Nonce Token Leak
CVSS 8.3
CVE-2022-25248 MEDIUM
PTC Axeda Agent and Desktop Server - Unauthenticated Sensitive Information Exposure via Event Log Port
CVSS 5.3
CVE-2022-0430 MEDIUM
httpie < 3.1.0 - Exposure of Sensitive Information
CVSS 5.3
CVE-2022-24762 MEDIUM
sysend.js < 1.10.0 - Origin Validation Error
CVSS 6.5
CVE-2022-24742 MEDIUM
Sylius <1.9.10, <1.10.11, <1.11.2 - Info Disclosure
CVSS 5.0
CVE-2022-25512 HIGH
FreeTAKServer-UI 1.9.8 - Exposure of Sensitive API and Websocket Keys
CVSS 7.5
CVE-2022-26847 MEDIUM
SPIP <3.2.14, <4.0.5 - Info Disclosure
CVSS 5.3
CVE-2022-25830 LOW
Samsung Galaxy Watch3 Plugin < 2.2.03.22012751 - Information Exposure via Log File
CVSS 1.9
CVE-2022-25829 LOW
Samsung Watch Active2 Plugin < 2.2.08.22012751 - Information Exposure via Log File
CVSS 1.9
CVE-2022-25828 LOW
Samsung Watch Active Plugin < 2.2.07.22012751 - Information Exposure via Log File
CVSS 1.9
CVE-2022-25827 LOW
Samsung Galaxy Watch Plugin < 2.2.05.22012751 - Information Exposure via Log File
CVSS 1.9
CVE-2022-25826 LOW
Samsung Galaxy Watch 3 Plugin < 2.2.03.22012751 - Sensitive Information Exposure in Log Files
CVSS 1.9
CVE-2022-25823 LOW
Samsung Galaxy Watch Plugin < 2.2.05.220126741 - Information Exposure via Log File
CVSS 1.9
CVE-2022-24398 MEDIUM
SAP Business Objects Business Intelligence Platform - Info Disclosure
CVSS 6.5
CVE-2022-22547 HIGH
Simple Diagnostics Agent <1.57 - Info Disclosure
CVSS 7.5
CVE-2022-0813 MEDIUM
phpMyAdmin < 5.1.1 and 5.1.2 - Exposure of Sensitive Information via Invalid Requests
CVSS 5.3
CVE-2022-0725 HIGH
KeePass - Information Exposure via Plain Text Password Logging
CVSS 7.5
CVE-2022-0516 HIGH
Linux Kernel < 5.17 - Unauthorized Memory Write Access via KVM s390 Guest SIDA Operation
CVSS 7.8
CVE-2022-24747 MEDIUM
Shopware <6.4.8.2 - Info Disclosure
CVSS 6.3
CVE-2022-24737 MEDIUM
httpie < 3.1.0 - Exposure of Sensitive Information via Session Cookie Handling
CVSS 6.5
CVE-2022-0384 MEDIUM
Zoom WordPress Plugin <3.8.17 - Info Disclosure
CVSS 4.3
CVE-2022-24725 MEDIUM
shescape 1.4.0-1.5.1 - Home Directory Exposure via Interpolation Option in Bash
CVSS 6.2
CVE-2022-23648 HIGH
containerd < 1.4.12 - Unauthorized File Access via CRI Image Configuration
CVSS 7.5