CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2021-32050 MEDIUM
MongoDB Drivers - Sensitive Information Exposure via Command Listener Event Publication
CVSS 4.2
CVE-2021-4428 LOW
what3words Autosuggest Plugin < 4.0.1 - Information Disclosure in Setting Handler
CVSS 2.7
CVE-2021-46891 CRITICAL
Huawei EMUI and HarmonyOS - Exposure of Sensitive Information via GPU Module Permission Verification
CVSS 9.8
CVE-2021-4377 MEDIUM
Doneren met Mollie <2.8.5 - Info Disclosure
CVSS 6.5
CVE-2021-3923 LOW
Linux Kernel < 5.15.14 - Kernel Stack Information Leak via RDMA over Infiniband
CVSS 2.3
CVE-2021-34125 HIGH
PX4-Autopilot < 1.11.3 - Exposure of Sensitive Information via NuttX Commands
CVSS 7.5
CVE-2021-46841 MEDIUM
Apple Music <3.5.0 - Info Disclosure
CVSS 5.9
CVE-2021-22786 HIGH
Modicon M340 BMXP34* < 3.30 - Information Exposure via Modbus TCP
CVSS 7.5
CVE-2021-39089 MEDIUM
IBM Cloud Pak for Security 1.10.0.0-1.10.6.0 - Authenticated Exposure of Sensitive Information via HTTP Request
CVSS 4.3
CVE-2021-45475 MEDIUM
Yordam Library Information Document Automation Program < 19.02 - Unauthenticated Exposure of Sensitive Information
CVSS 5.3
CVE-2021-39190 MEDIUM
GLPI SCCM Plugin < 2.3.0 - Unauthenticated Information Disclosure via Configuration Page
CVSS 5.3
CVE-2021-3688 MEDIUM
Red Hat JBoss Core Services HTTP Server - Path Traversal via Dot-Dot-Semicolon Bypass
CVSS 4.8
CVE-2021-3644 LOW
Redhat Descision Manager < 16.0.1.Final - Information Disclosure
CVSS 3.3
CVE-2021-3585 MEDIUM
openstack-tripleo-heat-templates - Info Disclosure
CVSS 5.5
CVE-2021-20260 HIGH
Foreman - Insufficiently Protected Credentials via Datacenter Plugin API
CVSS 7.8
CVE-2021-42523 HIGH
colord - Information Disclosure via Unreleased sqlite3_exec Error Message
CVSS 7.5
CVE-2021-42522 HIGH
Anjuta - Information Disclosure via Improper Memory Release in Bookmarks Component
CVSS 7.5
CVE-2021-3800 MEDIUM
glib < 2.63.6 - Information Disclosure via Charset Alias
CVSS 5.5
CVE-2021-3798 MEDIUM
opencryptoki < 3.17.0 - Private Key Exposure via Invalid Curve Attack
CVSS 5.5
CVE-2021-3736 MEDIUM
Linux Kernel < 5.14.20 - Memory Leak in VFIO Mediated Device mbochs_ioctl
CVSS 5.5
CVE-2021-3714 MEDIUM
Linux Kernel - Information Exposure via Memory Deduplication Timing Attack
CVSS 5.9
CVE-2021-3590 HIGH
Foreman >= 1.6.0 - Cleartext Transmission of Sensitive Information via Azure Compute Profile Password
CVSS 8.8
CVE-2021-40180 HIGH
WeChat 8.0.10 - Exposure of Sensitive Information via wx.searchContacts
CVSS 7.5
CVE-2021-4135 MEDIUM
Linux Kernel < 5.16 - Memory Leak in eBPF Simulated Networking Device Driver
CVSS 5.5
CVE-2021-39019 MEDIUM
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2 - Sensitive Information Exposure
CVSS 6.5
Details
Vulnerabilities 10,151
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits