CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,151 vulnerabilities with CWE-200
CVE-2021-45646 MEDIUM
NETGEAR R7000 <1.0.11.116 - Info Disclosure
CVSS 5.3
CVE-2021-45603 MEDIUM
NETGEAR Multiple Routers - Unauthenticated Sensitive Information Exposure via UPnP Request
CVSS 6.1
CVE-2021-45493 HIGH
NETGEAR RAX35 RAX38 RAX40 < 1.0.4.102 - Unauthenticated Admin Credential Exposure
CVSS 7.6
CVE-2021-4024 MEDIUM
Podman <3.4.3 - gvproxy API Exposure Allows Host-to-VM Port Forwarding
CVSS 6.5
CVE-2021-39013 MEDIUM
IBM Cloud Pak for Security <1.7.2.0 - Info Disclosure
CVSS 6.5
CVE-2021-36341 MEDIUM
Dell Wyse Device Agent <14.5.4.1 - Info Disclosure
CVSS 5.5
CVE-2021-44145 MEDIUM
Apache NiFi < 1.15.1 - Authenticated Exposure of Sensitive Information via TransformXML Processor
CVSS 6.5
CVE-2021-45038 MEDIUM
MediaWiki < 1.35.5, 1.36.x < 1.36.3, 1.37.x < 1.37.1 - Private Wiki Contents Exposure via Rollback
CVSS 5.3
CVE-2021-45095 MEDIUM
Linux Kernel < 5.15.8 - Exposure of Sensitive Information via Refcount Leak in pep_sock_accept
CVSS 5.5
CVE-2021-1023 MEDIUM
Android 12 - Unauthenticated App Installation Status Exposure via Side Channel
CVSS 5.0
CVE-2021-0983 LOW
Android - Local Information Disclosure via DevicePolicyManagerService Side Channel
CVSS 3.3
CVE-2021-43823 MEDIUM
Sourcegraph <3.33.2 - Info Disclosure
CVSS 6.5
CVE-2021-38901 MEDIUM
IBM Spectrum Protect Operations Center 7.1 - Info Disclosure
CVSS 5.5
CVE-2021-39941 LOW
GitLab 12.0-14.3.6, 14.4-14.4.4, 14.5-14.5.2 - Unauthenticated Exposure of Sensitive Information via Default Branch Name
CVSS 3.7
CVE-2021-24945 HIGH
LikeBtn WordPress <2.6.38 - Info Disclosure
CVSS 8.0
CVE-2021-37935 HIGH
Huntflow Enterprise < 3.10.4 - Unauthenticated LDAP Server Domain Disclosure via Login Page
CVSS 7.5
CVE-2021-43536 MEDIUM
Thunderbird <91.4.0 - Firefox <95. - Info Disclosure
CVSS 6.5
CVE-2021-41090 MEDIUM
Grafana Agent <0.20.1-0.21.2 - Info Disclosure
CVSS 6.5
CVE-2021-25519 MEDIUM
CPLC <SMR Dec-2021 Release 1 - Info Disclosure
CVSS 4.0
CVE-2021-43067 HIGH
Fortinet FortiAuthenticator <6.4.0 - Info Disclosure
CVSS 8.3
CVE-2021-43963 HIGH
Couchbase Sync Gateway <2.8.2 - Privilege Escalation
CVSS 8.1
CVE-2021-37067 HIGH
HarmonyOS < 2.0 - Exposure of Sensitive Information to an Unauthorized Actor
CVSS 7.5
CVE-2021-29115 MEDIUM
Esri ArcGIS Enterprise < 10.9 - Information Disclosure via ArcGIS Service Directory
CVSS 5.3
CVE-2021-36198 HIGH
Johnson Controls Kantech EntraPass <= 8.40 - Information Disclosure
CVSS 8.3
CVE-2021-43792 MEDIUM
Discourse < 2.7.11 - Unauthorized Exposure of Sensitive Tag Notifications
CVSS 4.3